Squid 3.2 - Proper configuration for random outbound IP with a single user authentication?

Question

I'm attempting to use AclRandom for Squid 3.2 and I think I'm a bit confused on the proper method for this. Here is my configuration:

http_port 3128
auth_param basic program /usr/local/squid32/libexec/basic_ncsa_auth /usr/local/squid32/etc/passwords
auth_param basic children 5
auth_param basic realm proxy
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
acl my_auth proxy_auth REQUIRED
http_access allow my_auth

max_filedesc 32768

acl randomIP random 1/3
tcp_outgoing_address x.154.198.x randomIP
tcp_outgoing_address x.154.198.x randomIP
tcp_outgoing_address x.154.198.x randomIP

tcp_outgoing_address x.154.198.x

forwarded_for delete
via off

And it is always using the first IP address in the list. Does anyone know how I can make it randomly use one of the 3? Also I'm getting a lot of TCP_MISS for any website I'm requesting, does something else look strange?

Edit: Update with potential solution:

http_port 3128
auth_param basic program /usr/local/squid32/libexec/basic_ncsa_auth /usr/local/squid32/etc/passwords
auth_param basic children 5
auth_param basic realm proxy
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
acl my_auth proxy_auth REQUIRED
http_access allow my_auth
http_access allow localhost
http_access deny all

max_filedesc 32768

authenticate_ttl 5 seconds
authenticate_ip_ttl 1 seconds

acl r_14 random 1/14
acl r_13 random 1/13
acl r_12 random 1/12
acl r_11 random 1/11
acl r_10 random 1/10
acl r_9 random 1/9
acl r_8 random 1/8
acl r_7 random 1/7
acl r_6 random 1/6
acl r_5 random 1/5
acl r_4 random 1/4
acl r_3 random 1/3
acl r_2 random 1/2
acl r_1 random 1/1

tcp_outgoing_address x.x.198.145 r_14
tcp_outgoing_address x.x.198.146 r_13
tcp_outgoing_address x.x.198.147 r_12
tcp_outgoing_address x.x.198.148 r_11
tcp_outgoing_address x.x.198.149 r_10
tcp_outgoing_address x.x.198.150 r_9
tcp_outgoing_address x.x.198.151 r_8
tcp_outgoing_address x.x.198.152 r_7
tcp_outgoing_address x.x.198.153 r_6
tcp_outgoing_address x.x.198.154 r_5
tcp_outgoing_address x.x.198.155 r_4
tcp_outgoing_address x.x.198.156 r_3
tcp_outgoing_address x.x.198.157 r_2
tcp_outgoing_address x.x.198.158 r_1

tcp_outgoing_address x.x.198.148

forwarded_for delete
via off

Each step takes that much away so to go three ways you have 1/3, 1/2 and all. — Brian, Feb 17 '14 at 21:51

Brian · Answer 1 · 2014-02-17T22:23:19.250

1

There is an example in the online docs is for a three way split. Each step takes away a portion of the traffic that gets to that step and not a portion of all traffic.

Starting with all traffic taking a 1/3 leaves 2/3.
Take half of 2/3 leaves 1/3
Take all of the remaining 1/3

Squid-Cache-Wiki: Feature: ACL type "Random"

acl third random 1/3
acl half random 1/2

tcp_outgoing_address x.154.198.x third
tcp_outgoing_address x.154.198.x half
tcp_outgoing_address x.154.198.x

Your config has 1/3, 1/3, 1/3, all which works out to:

Starting with all take 1/3 leaving 2/3
Take 1/3 of 2/3 (2/9) leaves 4/9
Take 1/3 of 4/9 (4/27) leaves 8/27
Take the remaining 8/27

If your first and fourth outgoing address are the same then it will get 17/27ths of the traffic.

edited Feb 17 '14 at 22:23

answered Feb 17 '14 at 21:54

Brian

3,386
17
16

I didn't realize this - I actually have 14 IPs I want to use, so I probably shouldn't use this method? – Geesu Feb 17 '14 at 22:21
Yout can, at each step it's a declining fraction amount of the traffic so 1/14, 1/13, 1/12, 1/11, 1/10 down to 1/1 if you have for 14 addresses to distribute traffic across. Adding an additional address would then be easy to do at top using 1/15. – Brian Feb 17 '14 at 22:51
I just tried this and it's still defaulting to the first IP when I go to whatismyip.com - updating my original post – Geesu Feb 17 '14 at 23:46
OK it's working - sadly I didn't have the IPs in my interface. Although the first is always being preferred based on refreshing whatismyip about 20 times :/ – Geesu Feb 17 '14 at 23:53
1

That is likely persistent server connections kicking in - rather than open a new connection to the web server for every request one connection is opened and multiple requests performed which improves performance. Using `server_persistent_connections off` (the default is on) will make a connection for each request which should each use a random outgoing address. – Brian Feb 18 '14 at 00:01

Squid 3.2 - Proper configuration for random outbound IP with a single user authentication?

1 Answers1